We dont see any secret key associated with our request to login or inside unity setting file. So if someone has our title id will he be able to post to our title.
We dont see any secret key associated with our request to login or inside unity setting file. So if someone has our title id will he be able to post to our title.
If you use the PlayFab editor extension in Unity. Please navigate to [SETTINGS]->[STUDIOS], expand a title, then you can find the secret key. Generally, if you use the editor extension, and login successfully, it will autofill the secret key for you.
Thanks for the quick reply but how does app gets this secret key?
Do you mean the Client API Security? If so, you can navigate to this thread.
@Sarah Zhang The question is how is the server API secured?
as an example> after we release the mobile app. what stops a malicious user to post currentcy/leaderboard transactions to our backend ?
@Prasheela Naik Dessai You shouldn't release the app with the Server API or Admin API enabled at all, or else any player could have complete control over your game data.
@Prasheela Naik DessaiThat thread I provided also mentioned this point. And as Brandon said, the only places you should use the Server or Admin API is in Cloud Script or a custom game server.
4 People are following this question.
